Today Sophos is pushing new updates to NTP Engine, causing short outages on every computer.
This produces some amount of calls to our helpdesk and I'd like to run a query in Live Discover about computers that have received the update.
This would be nice for all Sophos Updates, because Central basic logging does not log update events at all.
Can Sophos please provide such query code?
If this gets logged normally some day, no manual query would be needed anymore.
Can you use a data lake query that uses the windows_programs: Document (sophos.com)
SELECT DISTINCT meta_hostname AS ep_name, name, version, language, install_source, publisher, identifying_number, install_date
FROM xdr_data
WHERE query_name = 'windows_programs'
  AND name = 'Sophos Network Threat Protection'
  AND version = '184.108.40.206'
I'm not sure of the version but you can check a computer or leave that out of the where clause and just export all the data to Excel and use a pivot table.
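The pivot-table step suggested above can also be done in the query itself. This is an added example, not part of the original reply or Sophos-provided code; it uses only the table and columns from the query above and assumes the Data Lake accepts standard GROUP BY and COUNT(DISTINCT ...):

```sql
-- Added example: version rollout summary for one Sophos component.
-- The version filter is left out so every installed version is listed.
-- Assumption: install_date sorts chronologically as stored.
SELECT
    version,
    COUNT(DISTINCT meta_hostname) AS endpoint_count,      -- computers reporting this version
    MIN(install_date)             AS earliest_install_date,
    MAX(install_date)             AS latest_install_date
FROM xdr_data
WHERE query_name = 'windows_programs'
  AND name = 'Sophos Network Threat Protection'
GROUP BY version
ORDER BY endpoint_count DESC
```

Once the new version string is visible in the result, it can be put into the WHERE clause of the per-computer query above to list the computers that have received the update.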
Yes, this works. Thank you!